Expert Insight On LendingCrowd Data Breach And The Need For 2FA On Financial Accounts

LendingCrowd has reported the data security incident to authorities and is communicating with the affected customers. While LendingCrowd has instructed customers to enable two-factor authentication in the wake of this breach, the incident raises the important question of why the financial services firm doesn’t already have 2FA and other strong authentication measures enabled for its customers by default.

Subscribe
Notify of
guest

2 Expert Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Sam Bakken
Sam Bakken , Senior Product Marketing Manager
InfoSec Expert
November 5, 2019 10:46 am

Enabling two-factor authentication is great advice, but I wonder why LendingCrowd doesn’t enable it by default for its users – or at the very least for high-net-worth individuals. After all, this is a service that moves money around. We know that attackers are targeting financial services accounts, and we know that multi-factor authentication is VERY effective in preventing account takeover. User convenience is not a good excuse for not enforcing strong security. Face recognition, behavioral biometrics, and push technologies have gotten to a point where it’s really painless to layer on additional security and authentication technologies without hassling users.

Last edited 2 years ago by Sam Bakken
Sam Bakken
Sam Bakken , Senior Product Marketing Manager
InfoSec Expert
November 5, 2019 10:44 am

Enabling two-factor authentication is great advice, but I wonder why LendingCrowd doesn’t enable it by default for its users – or at the very least for high-net-worth individuals. After all, this is a service that moves money around. We know that attackers are targeting financial services accounts, and we know that multi-factor authentication is VERY effective in preventing account takeover. User convenience is not a good excuse for not enforcing strong security. Face recognition, behavioral biometrics, and push technologies have gotten to a point where it’s really painless to layer on additional security and authentication technologies without hassling users.

Last edited 2 years ago by Sam Bakken
Information Security Buzz
2
0
Would love your thoughts, please comment.x
()
x